Security Affairs

FEBRUARY 7, 2022

Cybersecurity firm Avast has released a decryption tool to allow victims of TargetCompany ransomware to recover their files for free. Czech cybersecurity software firm Avast has released a decryption tool that could allow victims of the TargetCompany ransomware to recover their files for free under certain circumstances.

Ransomware 98

Ransomware Encryption Passwords File names 98

Security Affairs

OCTOBER 27, 2021

Researchers from cybersecurity firm Avast released a decryption tool for Babuk ransomware that allows victims to recover their files for free. Cybersecurity firm Avast has released a decryption tool for Babuk ransomware that allows victims to recover their files for free. Pierluigi Paganini.

Ransomware 102

Ransomware File names Encryption Cybersecurity 102

Security Affairs

JUNE 30, 2022

Good news for the victims of the Hive ransomware, Korean security researchers have released a free decryptor for some versions. Good news for the victims of the Hive ransomware , the South Korean cybersecurity agency KISA has released a free decryptor for versions from v1 till v4.

Ransomware 106

Ransomware Cybersecurity Encryption Blockchain 106

Security Affairs

MARCH 3, 2020

The operators behind the Nemty ransomware set up a data leak site to publish the data of the victims who refuse to pay ransoms. Nemty ransomware first appeared on the threat landscape in August 2019, the name of the malware comes after the extension it adds to the encrypted file names. Pierluigi Paganini.

Ransomware 108

Ransomware File names Encryption Archiving 108

Security Affairs

SEPTEMBER 12, 2022

Cisco confirmed the May attack and that the data leaked by the Yanluowang ransomware group was stolen from its systems. In August, Cisco disclosed a security breach, the Yanluowang ransomware gang breached its corporate network in late May and stole internal data. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Ransomware 106

Ransomware IT Authentication File names 106

Security Affairs

MAY 13, 2023

The CheckMate ransomware operators have been targeting the Server Message Block (SMB) communication protocol used for file sharing to compromise their victims’ networks. That’s quite unusual for a ransomware campaign since many prominent gangs brag about big targets and post them as victims on their data leak sites.

Ransomware 97

Ransomware Encryption Passwords File names 97

Security Affairs

MARCH 26, 2021

Experts identified Tor hidden services and clearnet URLs via various open-source reporting that could be associated with the activity of the Hades ransomware. Researchers from Crowdstrike speculate that the new variant is a successor to WastedLocker ransomware and linked the operations to Evil Corp operations. Pierluigi Paganini.

Ransomware 143

Ransomware Encryption File names Manufacturing 143

Security Affairs

APRIL 27, 2020

The operators behind the Shade Ransomware (Troldesh) shut down their operations and released over 750,000 decryption keys. Good news for the victims of the infamous Shade Ransomware , the operators behind the threat have shut down their operations and released over 750,000 decryption keys. txt through README10.txt, Pierluigi Paganini.

Ransomware 132

Ransomware File names Education Encryption 132

Security Affairs

OCTOBER 11, 2019

Good news for the victims of the Nemty Ransomware , security researchers have released a free decryptor that could be used to recover files. I have great news for the victims of the recently discovered Nemty Ransomware , security researchers have released a free decryptor tool that could be used to recover files.

Ransomware 103

Ransomware File names Encryption Security 103

Security Affairs

MAY 19, 2021

Conti ransomware also breached the network of Ireland’s Department of Health (DoH) but the ransomware failed to encrypt the systems. Last week, Conti ransomware gang targeted the Ireland’s Health Service Executive that was forced to shut down its IT systems on Friday after being targeted with a significant ransomware attack.

Ransomware 90

Ransomware Encryption File names IoT 90

Security Affairs

JANUARY 28, 2020

The recently discovered Snake Ransomware has been targeting processes and files associated with industrial control systems (ICS). Security experts from SentinelOne reported that the recently discovered Snake Ransomware has been targeting processes and files associated with industrial control systems (ICS).

Ransomware 97

Ransomware Energy and Utilities Manufacturing Encryption 97

Security Affairs

MAY 25, 2020

Ransomware encrypts from virtual machines to evade antivirus. Ragnar Locker deploys Windows XP virtual machines to encrypt victim’s files, the trick allows to evaded detection from security software. In a recently detected attack, Ragnar Locker ransomware was deployed inside an Oracle VirtualBox Windows XP virtual machine.”

Encryption 110

Encryption Ransomware Energy and Utilities File names 110

Security Affairs

MARCH 1, 2021

The Javascript-based infection framework for the Gootkit RAT was enhanced to deliver a wider variety of malware, including ransomware. The framework was improved to deploy a wider range of malware, including ransomware payloads. ” reads the analysis published by researchers Gabor Szappanos and Andrew Brandt from Sophos.

Search queries 113

Search queries CMS Ransomware File names 113

Security Affairs

APRIL 10, 2023

Iran-linked APT group MERCURY is behind destructive attacks on hybrid environments masquerading as a ransomware operation. Threat actors masqueraded the attacks as a standard ransomware operation. The attackers were able to interfere with security tools using Group Policy Objects (GPO).

Ransomware 97

Ransomware File names Access Education 97

Security Affairs

SEPTEMBER 22, 2022

in the collaboration tool Atlassian Confluence. “If left unremedied and successfully exploited, this vulnerability could be used for multiple and more malicious attacks, such as a complete domain takeover of the infrastructure and the deployment information stealers, remote access trojans (RATs), and ransomware.”

Mining 121

Mining File names Ransomware Cloud 121

Security Affairs

APRIL 24, 2021

“The bot is embedded into the ToxicEye RAT configuration file and compiled into an executable file (an example of a file name we found was ‘paypal checker by saint.exe’). Experts also noticed that the RAT implements Ransomware features such as the ability to encrypt and decrypt victim’s files.

Communications 121

Communications File names Encryption Education 121

Security Affairs

APRIL 18, 2021

Experts warn of malware campaigns delivering the BazarLoader malware abusing popular collaboration tools like Slack and BaseCamp. Since January, researchers observed malware campaigns delivering the BazarLoader malware abusing popular collaboration tools like Slack and BaseCamp. ” reads the analysis published by Sophos.

File names 116

File names Ransomware Phishing Encryption 116

Security Affairs

AUGUST 16, 2021

According to research from Amnpardaz and SentinelOne , the attackers employed a wiper malware dubbed Meteor and not by ransomware as initially thought. A file named mssetup.exe was used as a screenlocker that locked the user out of their systems, and the nti.exe file used to corrupt the system’s master boot record (MBR). .

File names 104

File names Ransomware IT Security 104

Security Affairs

MARCH 18, 2022

The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017, causing billions worth of damage. The underlying operating systems for the majority of IoT devices is Linux, which is also used by many powerful systems tools. ” reads the advisory published by TrendMicro.

IoT 99

IoT Military File names Communications 99

eSecurity Planet

AUGUST 30, 2023

The impersonated emails might contain annoying SPAM, but more often the phishing email will deliver more dangerous payloads that lead to stolen credentials, business email compromise (BEC) attacks, or ransomware attacks. Meanwhile, the company being impersonated has no financial incentive to change their behavior.

Authentication 99

Authentication Phishing Encryption Sales 99

eSecurity Planet

APRIL 6, 2023

Ransomware is a type of malicious program, or malware, that encrypts files, documents and images on a computer or server so that users cannot access the data. Ransomware is the most feared cybersecurity threat and with good reason: Its ability to cripple organizations by locking their data is a threat like no other.

Ransomware 98

Ransomware Encryption Cybersecurity Risk 98

eSecurity Planet

SEPTEMBER 25, 2023

The Akira ransomware group made news too, expanding its attacks to include Linux-based systems, and Trend Micro issued a fix for a zero-day vulnerability in its Apex One endpoint security tools. See the Top Code Debugging and Code Security Tools Sept. The problem: The Akira ransomware group is back in the headlines.

Ransomware 107

Ransomware Cybersecurity File names Security 107

eSecurity Planet

AUGUST 10, 2023

As a bonus, many of these tools are free to access and have specialized feeds that focus on different industries and sectors. Cons Though free tools and integrations are available, OTX works best with paid AT&T Cybersecurity products like AlienVault USM. Threat dashboards are highly intuitive and easy to read.

Cybersecurity 96

Cybersecurity Access Metadata Energy and Utilities 96

Security Affairs

JUNE 10, 2019

The CVE-2019-2725 flaw was patched in late April, unfortunately, a few days later threat actors started exploiting the Oracle WebLogic Server vulnerability to deliver the Sodinokibi ransomware. “It then employs the component CertUtil, which is used to manage certificates in Windows, to decode the file.” 509 TLS file format.

File names 88

File names Ransomware Privacy IT 88

Security Affairs

OCTOBER 5, 2021

An unnamed ransomware gang used a custom Python script to target VMware ESXi and encrypt all the virtual machines hosted on the server. Researchers from Sophos were investigating a ransomware attack when discovered that the attackers employed a Python script to encrypt virtual machines hosted on VMware ESXi servers. Pierluigi Paganini.

Encryption 141

Encryption Ransomware File names Passwords 141

Security Affairs

JANUARY 8, 2020

A new piece of ransomware called SNAKE appeared in threat landscape, the malware is now targeting company networks. The SNAKE is a new ransomware that is threatening enterprises worldwide along with most popular ransomware families such as Ryuk , Maze , Sodinokibi , LockerGoga , BitPaymer , DoppelPaymer , MegaCortex , LockerGoga.

Ransomware 77

Ransomware Encryption File names IT 77

Security Affairs

JANUARY 28, 2020

Marco Ramilli published the Cyber Threat Trends Dashbo a rd , a useful tool that will allow us to better understand most active threats in real time. The dashboard is available HERE (on top menu TOOLS => Cyber Threat Trends ). For such a reason a dedicated graph named Unknown Families Threat Level Distribution has created.

File names 91

File names Cybersecurity Ransomware IT 91

KnowBe4

MAY 31, 2023

The steady nature of ransomware attacks is a reminder that no company is immune. We can't (yet) stop ransomware. What we can do is limit the effectiveness and frequency of ransomware by increasing basic cyber awareness. Spoofed domains, malicious attachments and executables to name a few.

Phishing 79

Phishing File names Security awareness Risk 79